1. Field of the Invention
This invention relates generally to computer authentication systems and methods. More specifically, the invention relates to a user using an integrated circuit device to provide various user credentials, among other information, to one or more computer systems.
2. Description of the Related Art
Typically, individuals are required to provide one or more credentials such as identification and authentication information (e.g., a username and password) to access various computer systems, networks, and/or information. Various methods and systems can be used for identification and authentication that can be more robust than a username and password combination. One such system is a smart card system. A smart card is, typically, a card about the size of a credit card or a business card which comprises an embedded integrated circuit (IC) device. Other form factors of smart cards can be used, as well. The IC device generally comprises a microprocessor or microcontroller, a memory, and an input/output (I/O) interface, among other elements. The IC device is programmed with various information and/or one or more software programs.
In general, smart cards can provide one or more credentials such as identification and authentication information along with other information such as bank account information, medical information, personal identification numbers (PINs), a digital certificate, a digital signature, social security information, etc. Smart cards can even verify information of a human being before disseminating or transmitting stored information. For example, a smart card can verify fingerprint information before disseminating and/or transmitting a password.
Smart cards can be coupled to a computer system in a variety of ways. In various examples, a smart card may be coupled to a computer system by a universal serial bus (USB), serial (e.g., RS-232), PCMCIA (Personal Computer Memory Card International Association), a keyboard (e.g., with a PS/2 cable and/or connector), or FireWire (IEEE 1394), among other typical couplings for peripheral devices.
In addition to identifying and/or authenticating a user of a computer system by using a smart card to provide one or more user credentials, other authentication systems and/or methods may also be utilized. For example, various credentials of the computer system used by the user may also be used in determining whether or not access may be granted to the user and/or the computer system used by the user. In one instance, software executing on the computer system can require credentials of the computer system before executing further functionality of the software and/or before executing other software. In a second instance, a server computer system may have a list of computer system credentials indicating certain computer systems with which it may communicate, and each computer system may provide credentials to the server computer system in order to communicate with the server computer system over a network. In other words, the server computer system may not communicate with a “rogue” computer system introduced to the network. Credentials that may be provided to the server computer system may include endorsement credentials, platform credentials, and/or conformance credentials, among other credentials. Each computer system may include an integrated circuit (IC) device which may be or may include a trusted platform module (TPM) which can manage the credentials and/or provide various credentials to the server computer system. In general, TPMs are not meant to be used on more than one computer system; thus, a TPM of a computer system is often soldered to the computer system.
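The server-side check described above (a server that only communicates with computer systems whose credentials it recognises) can be illustrated with a challenge-response exchange. The following is an added example, not code from the patent or from any TPM vendor; it assumes a constructed registry of platform identifiers and per-platform secrets that stand in for the key material a TPM would hold (a real deployment verifies an endorsement or platform certificate chain rather than a shared secret), and it shows the server refusing an unregistered ("rogue") system, a system with the wrong key, and a replayed response.

```python
import hashlib
import hmac
import os

# Constructed sample registry (not from the patent): platform id -> secret held by
# that platform's TPM. Stands in for endorsement/platform credentials.
REGISTERED_PLATFORMS = {
    "platform-0001": bytes.fromhex("5a1c0f3b9e7d4c2a8b6f1e0d3c5a7b9f"),
    "platform-0002": bytes.fromhex("0d9e2c4b6a8f1e3d5c7b9a0f2e4d6c8b"),
}


class PlatformTpm:
    """Client side: models the TPM of one computer system (simplified)."""

    def __init__(self, platform_id: str, secret: bytes):
        self.platform_id = platform_id
        self._secret = secret  # never leaves the device

    def respond(self, nonce: bytes) -> bytes:
        # Prove possession of the credential without disclosing it; the platform
        # id is bound into the MAC so a response cannot be reused for another id.
        msg = self.platform_id.encode() + nonce
        return hmac.new(self._secret, msg, hashlib.sha256).digest()


class CredentialServer:
    """Server side: holds the list of computer systems it may communicate with."""

    def __init__(self, registry: dict):
        self._registry = dict(registry)
        self._pending = {}  # platform id -> outstanding nonce (one at a time)

    def challenge(self, platform_id: str):
        # An unregistered platform gets no challenge at all: it is a rogue system.
        if platform_id not in self._registry:
            return None
        nonce = os.urandom(16)
        self._pending[platform_id] = nonce
        return nonce

    def verify(self, platform_id: str, response: bytes) -> bool:
        # pop() consumes the nonce, so a second verify with the same response
        # (a replay) finds no outstanding challenge and fails.
        nonce = self._pending.pop(platform_id, None)
        if nonce is None:
            return False
        msg = platform_id.encode() + nonce
        expected = hmac.new(self._registry[platform_id], msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def authenticate(server: CredentialServer, tpm: PlatformTpm) -> bool:
    """One full exchange: server challenge -> TPM response -> server verdict."""
    nonce = server.challenge(tpm.platform_id)
    if nonce is None:
        return False
    return server.verify(tpm.platform_id, tpm.respond(nonce))


def demo() -> dict:
    server = CredentialServer(REGISTERED_PLATFORMS)
    good = PlatformTpm("platform-0001", REGISTERED_PLATFORMS["platform-0001"])
    rogue = PlatformTpm("platform-9999", b"unregistered platform secret")
    wrong_key = PlatformTpm("platform-0002", b"not the registered secret")
    results = {
        "registered": authenticate(server, good),
        "rogue": authenticate(server, rogue),
        "wrong_key": authenticate(server, wrong_key),
    }
    # Replay check: a valid response is accepted once and rejected when resent.
    nonce = server.challenge(good.platform_id)
    response = good.respond(nonce)
    results["first_use"] = server.verify(good.platform_id, response)
    results["replay"] = server.verify(good.platform_id, response)
    return results


if __name__ == "__main__":
    print(demo())
```

The nonce is issued per exchange and consumed on verification, which is what distinguishes this from a static credential list: possession of an old response does not let a system that is not in the registry talk to the server.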
Typically, if a computer system includes a TPM, the computer system uses a low pin count (LPC) bus to communicate with the TPM. The LPC bus was designed by Intel to implement an ISA (Industry Standard Architecture) bus in a computer system. In general, the LPC bus may include a range of six to thirteen interface pins while the ISA bus may include a range of thirty-six to ninety-eight interface pins. The LPC bus has certain characteristics or operations which require executing specific software to communicate with devices (e.g., the TPM) coupled to the LPC bus. For example, the LPC bus has read and write cycles which are used for retrieving and storing data of devices coupled to the LPC bus, and software executing on the computer system would need to be executable to use these read and write cycles to communicate with devices coupled to the LPC bus.
In general, an operating system executing on a computer system may comprise the software executable to use these read and write cycles to communicate with devices coupled to the LPC bus, and, thus, the operating system can communicate with a TPM of the computer system. An operating system communicating with the TPM is considered a “trusted” operating system. Applications executing on the computer system can rely on credentials and/or other identification and authentication information from the TPM. Since these applications rely on credentials from the TPM, they are considered “trusted” applications. In general, the trusted operating system executes the trusted applications and provides one or more software interfaces that allow the trusted applications to communicate with the TPM.
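The layering in the two paragraphs above (a bus that offers only read and write cycles, a device reachable solely through those cycles, and an operating system interface that lets trusted applications use the device without issuing cycles themselves) can be modelled in a few classes. This is an added illustration, not code from the patent and not a real LPC or TPM driver: the register layout of the TPM device, the base address 0x4E00 and the application names are constructed for the example. It shows that an application never touches the bus directly, that the bus rejects a cycle to an address no device decodes, and that the OS interface refuses callers it does not treat as trusted.

```python
class BusError(Exception):
    """Raised when a cycle targets an address that no attached device decodes."""


class LpcBus:
    """Model of a bus whose only operations are byte read and write cycles at an
    address; the bus itself carries no higher-level commands."""

    def __init__(self):
        self._devices = {}  # base address -> (size in bytes, device object)

    def attach(self, base: int, size: int, device) -> None:
        self._devices[base] = (size, device)

    def _decode(self, addr: int):
        for base, (size, dev) in self._devices.items():
            if base <= addr < base + size:
                return dev, addr - base
        raise BusError(f"no device decodes address {addr:#06x}")

    def read_cycle(self, addr: int) -> int:
        dev, offset = self._decode(addr)
        return dev.read(offset) & 0xFF

    def write_cycle(self, addr: int, value: int) -> None:
        dev, offset = self._decode(addr)
        dev.write(offset, value & 0xFF)


class TpmDevice:
    """Constructed register map (not the real TPM register interface):
    offset 0: command (write), offset 1: status (read), offset 2: data FIFO (read)."""

    CMD_GET_CREDENTIAL = 0x01
    STATUS_IDLE = 0x00
    STATUS_DATA_READY = 0x01

    def __init__(self, credential: bytes):
        self._credential = credential  # held inside the device
        self._fifo = []

    def write(self, offset: int, value: int) -> None:
        if offset == 0 and value == self.CMD_GET_CREDENTIAL:
            self._fifo = list(self._credential)

    def read(self, offset: int) -> int:
        if offset == 1:
            return self.STATUS_DATA_READY if self._fifo else self.STATUS_IDLE
        if offset == 2 and self._fifo:
            return self._fifo.pop(0)
        return 0


class TrustedOsInterface:
    """The software interface the trusted OS exposes to trusted applications.
    It is the only component that issues bus cycles."""

    TPM_BASE = 0x4E00  # constructed base address for the example
    TPM_SIZE = 3

    def __init__(self, bus: LpcBus, trusted_apps) -> None:
        self._bus = bus
        self._trusted = set(trusted_apps)

    def get_credential(self, app_name: str) -> bytes:
        if app_name not in self._trusted:
            raise PermissionError(f"{app_name!r} is not a trusted application")
        self._bus.write_cycle(self.TPM_BASE + 0, TpmDevice.CMD_GET_CREDENTIAL)
        out = bytearray()
        while self._bus.read_cycle(self.TPM_BASE + 1) == TpmDevice.STATUS_DATA_READY:
            out.append(self._bus.read_cycle(self.TPM_BASE + 2))
        return bytes(out)


def build_system(credential: bytes = b"PLATFORM-CRED-0001"):
    """Wire a bus, a TPM and the OS interface together (constructed sample data)."""
    bus = LpcBus()
    bus.attach(TrustedOsInterface.TPM_BASE, TrustedOsInterface.TPM_SIZE, TpmDevice(credential))
    return bus, TrustedOsInterface(bus, trusted_apps={"login-agent"})


def demo() -> dict:
    bus, os_iface = build_system()
    results = {"trusted": os_iface.get_credential("login-agent")}
    try:
        os_iface.get_credential("unknown-tool")
        results["untrusted"] = "allowed"
    except PermissionError:
        results["untrusted"] = "refused"
    try:
        bus.read_cycle(0x4F00)  # no device decodes this address
        results["unmapped"] = "read"
    except BusError:
        results["unmapped"] = "bus error"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is the dependency direction: an application asks the OS interface for a credential, the OS interface turns that into bus cycles, and only the device on the bus holds the credential. Any device reachable only through the OS interface is subject to the same trust check, which is the property the related art relies on for a soldered TPM.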
Even with the one or more software interfaces that allow the trusted applications to interface with a device coupled to the LPC bus, currently, there exists no method and/or no system to access an IC device carried by a user (e.g., an IC device comprised in a smart card) through an LPC bus of a computer system. Therefore, there exists a need for a system and method for a trusted operating system and/or trusted application to interface with IC devices which are removable (i.e., carried by users) and provide user credentials and which are coupled to the LPC bus of a computer system.